Internal Financial Controls



Similar documents
How To Ensure Internal Control Of Financial Reporting In India

COSO Internal Control Integrated Framework (2013)

COSO 2013 Internal Control Integrated Framework FRED J. PETERSON, PARTNER MOSS ADAMS LLP

Aboriginal Affairs and Northern Development Canada. Internal Audit Report. Audit of Internal Controls Over Financial Reporting.

Audit of the Policy on Internal Control Implementation

COSO 2013: WHAT HAS CHANGED & STEPS TO TAKE TO ENSURE COMPLIANCE

The Information Systems Audit

COSO s 2013 Internal Control Framework in Depth: Implementing the Enhanced Guidance for Internal Control over External Financial Reporting

Table of Contents: Chapter 2 Internal Control

Japanese Guidelines for Internal Control Reporting Finalized Differences in Requirements Between the U.S. Sarbanes-Oxley Act and J-SOX

Internal Controls over Financial Reporting. Integrating in Business Processes & Key Lessons learned

The PNC Financial Services Group, Inc. Business Continuity Program

Guide to Internal Control Over Financial Reporting

Service Organization Control (SOC) Reports Focus on SOC 2 Reporting Standard

COSO Framework 2013 & SOX Compliance. Roxanne L. Halverson, CISM, CGEIT Atlanta ISACA Geek Week August 19, 2013

SOX FDICIA COSO 2013 Best Practices Presented by: Raji Sathappan MBA, CRCM, CAMS, CISA

Auditing Standard 5- Effective and Efficient SOX Compliance

The Importance of IT Controls to Sarbanes-Oxley Compliance

Audit Committee Charter

Sarbanes-Oxley Control Transformation Through Automation

Fraud and Role of Information Technology. September 2008

Impact of New Internal Control Frameworks

Integration of Risk Management and Internal Audit. Chartered Institute of Management Accountants, New Zealand

A LAYPERSON S GUIDE INTERNAL CONTROL OVER FINANCIAL REPORTING (ICFR)

Enterprise Risk Management

IT Governance. What is it and how to audit it. 21 April 2009

Governance, Risk and Best Value Committee

Charter of the Audit Committee of the Board of Directors

Risk Assessment Standards

Quality Assurance Checklist

February Sample audit committee charter

CONTINUOUS CONTROLS MONITORING

Tying It All Together: Practical ERM Integration. Richard Scanlon Vice President Enterprise Risk Management CIGNA Corporation

Informing the audit risk assessment Enquiries to those charged with governance Calderdale Council. Year ended 31 March 2013

Chapter 5. Rules and Policies NATIONAL INSTRUMENT CERTIFICATION OF DISCLOSURE IN ISSUERS ANNUAL AND INTERIM FILINGS

[RELEASE NOS ; ; FR-77; File No. S ]

Using COBiT For Sarbanes Oxley. Japan November 18 th 2006 Gary A Bannister

THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK

Risk Management Solution for NPO

Communicating Internal Control Related Matters Identified in an Audit

SOLUTION: AUDIT AND INTERNAL REVIEW, MAY 2014

How To Understand The Role Of An Internal Audit

Internal Controls and Risk Management Report

ACCA P1 Internal Control. incorporated into Combined code, it was last revised in 2005 and still present as a standalone document.

Antifraud program and controls assessment grid*

RISK BASED AUDITING: A VALUE ADD PROPOSITION. Participant Guide

An Examination of an Entity s Internal Control Over Financial Reporting That Is Integrated With an Audit of Its Financial Statements

Sarbanes-Oxley 404. Sarbanes-Oxley Background. SOX 404 Internal Controls. Goals of Sarbanes-Oxley

Risk and Audit Committee Terms of Reference. 16 June 2016

Mapping COBIT 5 with IT Governance, Risk and Compliance at Ecopetrol S.A. By Alberto León Lozano, CISA, CGEIT, CIA, CRMA

Part A OVERVIEW Introduction Applicability Legal Provision...2. Part B SOUND DATA MANAGEMENT AND MIS PRACTICES...

Sarbanes-Oxley Section 404 Implementation Practices of Leading Companies

Version: 5 Date: October 6, 2011

Internal Control Integrated Framework. May 2013

IT audit updates. Current hot topics and key considerations. IT risk assessment leading practices

Location of the job: CFO Revenue Assurance

How To Set Up A Committee To Check On Cit

S24 - Governance, Risk, and Compliance (GRC) Automation Siamak Razmazma

TECK RESOURCES LIMITED AUDIT COMMITTEE CHARTER

CVS HEALTH CORPORATION A Delaware corporation (the Company ) Audit Committee Charter Amended as of September 24, 2014

Audit, Risk Management and Compliance Committee Charter

Audit of the Management of Projects within Employment and Social Development Canada

BOTTOMLINE TECHNOLOGIES (DE), INC. AUDIT COMMITTEE CHARTER

Report on. Office of the Superintendent of Financial Institutions. Corporate Services Sector Human Resources Payroll. April 2010

Business Continuity Management Framework

Audit, Business Risk and Compliance Committee Charter. Spotless Group Holdings Limited ACN

AUDIT OF READINESS FOR THE IMPLEMENTATION OF THE POLICY ON INTERNAL CONTROL

MARLIN MIDSTREAM GP, LLC AUDIT COMMITTEE CHARTER

Sears Hometown and Outlet Stores, Inc. Audit Committee of the Board of Directors Charter

Sarbanes-Oxley Compliance Workbook. From Zero to SOX. Sarbanes-Oxley Compliance Workbook. sensiba san filippo

OBSERVATIONS FROM 2010 INSPECTIONS OF DOMESTIC ANNUALLY INSPECTED FIRMS REGARDING DEFICIENCIES IN AUDITS OF INTERNAL CONTROL OVER FINANCIAL REPORTING

A&CS Assurance Review. Accounting Policy Division Rule Making Participation in Standard Setting. Report

CHARTER FOR THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS SIGMA DESIGNS, INC. (As adopted by the Board of Directors effective as of May 2010)

Government Contractor Business Systems and Overview of System Assessments

Audit Quality Thematic Review

Auditor Attestation of Internal Control Over Financial Reporting: What You Can Expect. A Smaller Public Company Perspective

Audit Report. Effectiveness of IT Controls at the Global Fund Follow-up report. GF-OIG-15-20b 26 November 2015 Geneva, Switzerland

How To Transform It Risk Management

Corporate Performance Management. Framework, Approach and Challenges Observed

SARBANES-OXLEY SECTION 404: A Guide for Management by Internal Controls Practitioners

The PNC Financial Services Group, Inc. Business Continuity Program

FINANCIAL SERVICES FLASH REPORT

Financial Services FINANCIAL SERVICES UTILITIES 57 FINANCIAL SERVICES AND UTILITIES BUSINESS PLAN. CR_2215 Attachment 1

RISK MANAGEMENT AND COMPLIANCE

Third Party Risk Management 12 April 2012

Are You Ready for the New Foreclosure Processing Regulations?

Applying Risk Assessment to Your Audit Plan Break-out Session T3, Tuesday, October 26 2:00-2:50pm

Safety Management Program

KEYSIGHT TECHNOLOGIES, INC. AUDIT AND FINANCE COMMITTEE CHARTER

Business Continuity Management

Terms of Reference - Board Risk Committee

Guide to the Sarbanes-Oxley Act:

Sarbanes-Oxley Section 404: Management s Assessment Process

Transcription:

Internal Financial Controls

Who All Are Responsible? 3 What is Internal Financial Control (IFC)? 5 What is Internal financial controls over financial reporting (ICFR)? Internal Controls Global Perspective 7 Expected response of stakeholders 8 6 Expressing an opinion on internal control how will you do it 10

The Companies Act 2013 Who All Are Responsible? Section 134 Director s Responsibility Statement In the case of a listed company, the Directors Responsibility states that directors, have laid down IFC to be followed by the company and that such controls are adequate and operating effectively. Section 143 Auditor Report The auditor s report should also state whether the company has adequate IFC system in place and the operating effectiveness of such controls Section 177 Audit Committee Audit committee may call for comments of auditors about internal control systems before their submission to the Board and may also discuss any related issues with the internal and statutory auditors and the management of the company Sch IV Independent Directors The independent directors should satisfy themselves on the integrity of financial information and ensure that financial controls and systems of risk management are robust and defensible. Page 3

The Companies Act 2013 Who All Are Responsible? (contd.) 1 Requirement (as per previous slide) Director s Responsibility Statement (134) IFC Public Listed Paid-up share capital>= INR 10 Cr Public un-listed Turnover >= INR 100 Cr Loans, Borrowing in aggregate >= INR 50 Cr Pvt Cos pd up share capital >= INR 20 Cr 2 Auditor Report (143) 3 Audit Committee (177) 4 Independent Directors (Schedule IV) ICFR ICFR ICFR 5 ICFR Rule 8(5)(viii) of the Companies (Accounts) Rules, 2014 BOD report Financial Statements only (ICFR only) Page 4

What is Internal Financial Control (IFC)? (Sec 134) Components Internal Financial controls overs financial reporting (ICFR) Operational + + Fraud prevention = IFC controls Example Definition Sales realization is correctly recorded in the Financials As per Section 134 of the Companies Act 2013, the term Internal Financial Controls means the policies and procedures adopted by the company for ensuring: orderly and efficient conduct of its business, including adherence to company s policies, safeguarding of its assets, prevention and detection of frauds and errors, accuracy and completeness of the accounting records, and timely preparation of reliable financial information. Page 5 Discount on sale is offered as per DOA and adherence to DOA is monitored Unauthorised change in price master (access controls)

What is Internal financial controls over financial reporting (ICFR)? (Sec 143 - as per ICAI Nov 2014 guidelines) Components Definition Maintenance of financial records (Detail/ Accuracy) Authorizations of transactions (in accordance with GAAP) Safeguarding of the assets of the company + + = ICFR A process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles. A company's internal financial control over financial reporting includes those policies and procedures : 1. Pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company; 2. Provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in accordance with authorisations of management and directors of the company; and 3. Provide reasonable assurance regarding prevention or timely detection of unauthorised acquisition, use, or disposition of the company's assets that could have a material effect on the financial statements. Page 6

Internal Controls Global Perspective Scope India ICFR + Policies/Procedures + Fraud + Safeguarding Assets USA Internal Control over Financial Reporting (ICFR) UK All material controls, including financial, operational and compliance controls Framework Components of Internal Controls as per SA 315 COSO The UK Corporate Governance Code Guidance ICAI Guidance Issued in November 2014 AS-6 UK Combined Code/Turnbull guidance Control assessment Yes CEO/CFO, Board Yes Yes Auditor attestation Yes ICFR Yes ICFR Yes Rigour of implementation Past precedent low Now - expected to be high High High Page 7

Expected response of stakeholders Board of Directors Company Management Create & test the framework of internal controls u IFC (including operational & Compliance) Auditors Focus on internal controls, to the extent these relate to the financial reporting (ICFR) Auditors responsibility limited to evaluation of Financial reporting controls u u Audit Committee/ Independent Director Would like to see a robust framework that is aligned to acceptable standards Review & question the basis of your controls design and ongoing assessments u u Would rely on the assessment and view of the Audit Committee They may ask for additional information u Controls documentation Page 8

How will IFC help beyond compliance? u Helps in business process re-designing to plug revenue leakages & cost containment opportunities u Helps in rationalizing the number of controls across organization moving to smart and automated controls u Helps in standardizing policies and procedures for multi-location/ multi-business Companies u Fosters a control conscious work culture for people behind controls u Provides assurance to the CEO/ CFO as well as improves business performance u In some instances, also serves as a base for blue print of optimal procedures while thinking about ERP Aimed at strengthening the processes to further improve business, identify cost containment opportunities as well as drive growth Page 9

Expressing an opinion on internal control how will you do it Scoping Design assessment Design Gap remediation Operating effectiveness (OE) Overall assessment and reporting One time Detailed scope Validate & document design Corrective action Prepare test strategy & plan Reporting approach Ongoing Update for changes Seek confirmation on changes Test controls Report Page 10 Leverage Technology for effective enablement of controls

Scoping Design assessment Gap remediation Operating effectiveness Assessment and reporting Key worksteps/ considerations for Scoping: u Map/ Identify significant accounts, processes and key locations u Segregate scope between Business Process and IT u Discuss/ align the scope with External Auditors u Define materiality Key/ non-key Risks u Finalize scope exclusion and validate with auditors u Define scope of processes/ activities performed by third parties u Nominate IFC Champion across processes/ locations u Set up a Steering Committee to review progress/ remediation plans u Align Audit Committee and Board Key Highlights (ICAI note) Significantly larger than CARO IFC (Sec 134) Vs. ICFR (143) IFC includes Operational while ICFR is only reporting Does not apply to consolidated financial statements SOCR reporting from third parties u Finalize templates, documentation standards, reporting packs u Conduct Training/ workshops with process owners Page 11

Scoping Design assessment Gap remediation Operating effectiveness Assessment and reporting COSO 2013 framework Codification of 17 principles embedded in the original framework 1. Control Environment 1. Demonstrates commitment to integrity and ethical values 2. Board of directors demonstrates independence from management and exercises oversight responsibility 3. Management, with board oversight, establishes structure, authority and responsibility 4. The organization demonstrates commitment to competence 5. The organization establishes accountability COSO 2013 Framework 2. Risk Assessment 3. Control Activities 4. Information & Communication 5. Monitoring 6. Specifies relevant objectives with sufficient clarity to enable identification of risks 7. Identifies and assesses risk 8. Considers the potential for fraud in assessing risk 9. Identifies and assesses significant change that could impact system of internal control 10.Selects and develops control activities 11. Selects and develops general controls over technology 12.Deploys through policies and procedures 13.Obtains or generates relevant, quality information 14.Communicates internally 15.Communicates externally 16.Selects, develops and performs ongoing and separate evaluations 17.Evaluates and communicates deficiencies Page 12

Scoping Design assessment Gap remediation Operating effectiveness Assessment and reporting Key work-steps/ considerations for Design assessment: u Finalize Process Owners across each process/ location u Perform & document walkthroughs (recommended) u Document process maps with input, output, risk/ controls, IPE u Segregate controls into Entity/ Process/ IT u Identity controls into Manual, Automated, IT dependent, Preventive/ Detective u Segregate controls into Document Risk & Control matrix with control description, owner, frequency, control evidence etc u Document IT General Controls (GITCs) u Perform Segregation of Duties analysis u Identify design gaps based on walkthroughs, interviews, discussion etc u Benchmarking of IFC controls consolidate, remove redundancy, Key Highlights (ICAI note) Perform Walkthroughs Document Process Flows Entity/ Transaction level GITC Segregation of Duties IT System overview Diagram IPE documentation Controls Benchmarking Page 13

Scoping Design assessment Gap remediation Operating effectiveness Assessment and reporting Key work-steps/ considerations for Gap remediation: u Prioritize financial gaps into Material/ non-material u Prioritize operational/ reputational gaps (if any) into H/M/L impact u Co-develop remediation plan with owners & implementation timelines u Periodic monitoring of remediation plans u Enhance/ optimize IT Controls u Standardized/ centralize processes (wherever possible) u Enhance SOP/ MIS/ DOA etc Key Highlights (ICAI note) Material weakness Test of Design (TOD) Remediation plans u Interim testing to confirm remediated gaps Page 14

Scoping Design assessment Gap remediation Operating effectiveness Testing Assessment and reporting Key work-steps/ considerations for Operating Effectiveness: u Align sampling strategy with auditors u Prepare testing plan & templates u Timing of testing Mid year and roll forward testing u Finalize resources competency & independence/ objectivity u Document testing results u Prioritize testing gaps into Material/ non-material u Identify mitigation/ compensating controls for material gaps u Co-develop remediation plans for testing gaps including owners and implementation timelines Key Highlights (ICAI note) Sampling methodology JE CAATs Linkage with ELCs Timing of testing Extending sample size Analysis of error in the sample - Tolerable error etc Page 15

Scoping Design assessment Gap remediation Operating effectiveness Assessment and reporting Key work-steps/ considerations for Gap remediation: u Finalize material weakness and update Executive management u Report to Audit Committee (AC) and Board Key Highlights (ICAI note) Opinion on IFC Material weakness Page 16

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information